Cross Site Scripting Vulnerabilities
This site intends to show how many sites on the internet are completely vulnerable to a two-year-old security problem. They refuse to fix the problem, while still bragging about how secure their information is. Well, it's not. Here's why.
Background info:
- CERT : Advisory on Cross Site Scripting.
- CERT : How to fix it.
This site in the News:
- Developer.com : An Oldie but Goodie: The Cross-Site Scripting Vulnerability
- Vnunet : Top sites vulnerable to hackers
- MSNBC : Citibank payment service said flawed
- eWeek : Flaw Leaves Online Citibank Customers Vulnerable
- InformationWeek : Security Researcher Says Citibank Took A While To 'C2' Security Flaw
- E-Commerce Times : E-Commerce Sites Fail Security 101
- Geek.com : Citibank payment system flaw
- NewsBytes : Net Users Warned To Beware Sites With Scripting Holes
- BankersOnline.com : Is your site secure?
I've also added banking sites with insecure logins. These sites are vulnerable to even easier, active man-in-the-middle attacks. Banks unfortunately ignore these easy attacks, focusing on harder attacks involving cracking encryption or breaking firewalls. These insecure login forms were never secured or encrypted, so they can be modified in transit to the user and rewritten to redirect logins to another site that captures the login data. Banks should immediately redirect customers to secure sites to ensure the integrity of the pages they receive. Users should not use or trust any bank webpage whose address does not start with https.
Many sites rush their product out the door without the necessary security precautions. In this day and age, no web site with customer data to protect should go live without a complete review of existing security alerts from sites like CERT. In addition, when running a site, if the site operator receives specific information on security holes, they should act immediately to fix the problem. Many sites have failed to do this. Many crackers know this and will use these holes if they are not fixed. A few of these holes in Hotmail have been publicized, but other than that, many sites' holes have gone unfixed.
In the interest of safety we are starting a public list of active security holes on live sites. We suggest that you turn off JavaScript, and keep it off, if you don't want your data left open when you visit various websites.
For home users: here are some tips for making your computer more secure.
[ Thanks for all your donations.. I should be able to keep this going for a while now ]